Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-1000352

Опубликовано: 27 апр. 2016
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

Отчет

This issue affects the versions of bouncycastle as shipped with Red Hat Subscription Asset Manager 1.x. Red Hat Product Security has rated this issue as having a security impact of Moderate. No update is planned for this product at this time. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
JBoss Developer Studio 11bouncycastleNot affected
Red Hat JBoss Data Grid 7bouncycastleNot affected
Red Hat JBoss Data Virtualization 6bouncycastleOut of support scope
Red Hat JBoss Enterprise Application Platform 7bouncycastleNot affected
Red Hat JBoss Fuse 6bouncycastleWill not fix
Red Hat JBoss Fuse Integration Service 2bouncycastleNot affected
Red Hat OpenShift Application RuntimesbouncycastleNot affected
Red Hat Single Sign-On 7bouncycastleNot affected
Red Hat Software Collectionsrh-eclipse46-bouncycastleWill not fix
Red Hat Subscription Asset ManagerbouncycastleWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-325
https://bugzilla.redhat.com/show_bug.cgi?id=1588330bouncycastle: ECIES implementation allowed the use of ECB mode

EPSS

Процентиль: 59%
0.00386
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2016-1000352

CVSS3: 7.4
ubuntu
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

nvd логотип

CVE-2016-1000352

CVSS3: 7.4
nvd
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES implementation allowed the use of ECB mode. This mode is regarded as unsafe and support for it has been removed from the provider.

debian логотип

CVE-2016-1000352

CVSS3: 7.4
debian
больше 7 лет назад

In the Bouncy Castle JCE Provider version 1.55 and earlier the ECIES i ...

github логотип

GHSA-w285-wf9q-5w69

CVSS3: 7.4
github
больше 7 лет назад

In Bouncy Castle JCE Provider the ECIES implementation allowed the use of ECB mode

suse-cvrf логотип

openSUSE-SU-2018:1689-1

suse-cvrf
больше 7 лет назад

Security update for bouncycastle

EPSS

Процентиль: 59%
0.00386
Низкий

4.8 Medium

CVSS3

Уязвимость CVE-2016-1000352